Local User Authentication Failed When LDAP Server is Not Available
When the LDAP server is no longer in use, or the network connection to the LDAP server is lost, we are unable to log in to the server, even as a local user with the correct password. Even after the password is reset, the local user is unable to log in, and su to the local user is denied.
- RHEL 6
- RHEL 7
- RHEL 8
- CentOS and other GNU/Linux
- Local user is unable to log in to the system; LDAP server is unavailable
- Local user is unable to log in to the system; AD server is unavailable
- Local user is unable to switch user
In the file /etc/nsswitch.conf, change the passwd entry to:
passwd: ldap [!SUCCESS=continue] files
When we harden a server or system, we configure the nsswitch.conf file. When the LDAP server is then unreachable, PAM fails to receive authentication information for the user, and because of this the user fails to log in.
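The following added example (not from the original page) models how glibc walks the sources on a passwd line in nsswitch.conf, supporting the return and continue actions, and shows which source answers for a local user while LDAP is unreachable. The `STRICT_LINE` value and the `LDAP_DOWN` scenario are constructed for illustration; only `PAGE_LINE` is taken from this page.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# glibc defaults: stop on success, try the next source on anything else.
DEFAULTS = dict(success="return", notfound="continue",
                unavail="continue", tryagain="continue")

def parse_line(line):
    """Parse one nsswitch.conf database line into [(service, {status: action})]."""
    spec = line.split("#", 1)[0].split(":", 1)[1]
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not token.startswith("["):
            sources.append((token.lower(), dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("action list must follow a service name")
        for criterion in token[1:-1].split():
            status, action = criterion.lower().split("=", 1)
            negate = status.startswith("!")
            status = status.lstrip("!")
            if status not in STATUSES:
                raise ValueError(f"unknown status: {status}")
            for s in STATUSES:  # "!X=a" applies a to every status except X
                if (s == status) != negate:
                    sources[-1][1][s] = action
    return sources

def resolve(line, results):
    """Return the service whose answer is used, or None if the lookup fails.
    results maps service -> status it would report for this user; services
    not listed are treated as unavailable."""
    for service, actions in parse_line(line):
        status = results.get(service, "unavail")
        if actions[status] == "return":
            return service if status == "success" else None
    return None

# Constructed scenario: LDAP unreachable, user abc exists in /etc/passwd.
LDAP_DOWN = {"ldap": "unavail", "files": "success"}
PAGE_LINE = "passwd: ldap [!SUCCESS=continue] files"  # line from this page
STRICT_LINE = "passwd: ldap [UNAVAIL=return] files"   # constructed, not from the page

if __name__ == "__main__":
    for line in (PAGE_LINE, STRICT_LINE, "passwd: files ldap"):
        print(f"{line!r:45} -> answered by {resolve(line, LDAP_DOWN)}")
```

On a live host, `getent -s files passwd abc` queries only the local files source, which confirms whether the local account itself is intact independently of LDAP.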
If we log in as a remote user:
test@test1 # ssh abc@somehost
Connection closed by 10.15.217.222
If we log in as a local user:
[abc@somehost ~]$ su - abc
su: incorrect password
You may need to start system-daemon, but this is not necessary; it works without it.
You can now log in to the system as the local user that previously could not log in.